Please comment each line of code in the .text section. Please do this FIRST! It will make tracing through and understanding the code much easier.
Once you understand what the code is doing, you’ll notice there is a ‘print_a’ function that is not reachable through the execution path of the code as it’s written. Your job is to devise an input that overflows the stack buffer and overwrites the $ra register, causing the program to execute the ‘print_a’ function. Please provide the successful input that triggers the overflow, a screenshot of the successful execution of your attack that prints the A+ message, and a detailed description of how you figured out how to exploit the buffer overflow and how you devised the proper input.
Finally, you will write a small amount of MIPS code to patch the vulnerability. Using the existing code from overflow.s, implement logic to defeat the exploit you wrote above. To keep you on track, your patch should only require around 10 lines of code. Please submit your patched code in a file called overflow_patch.s along with a screenshot demonstrating that your patched code successfully prevents the malicious input devised above from working.
MIPS Code
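.data
str:    .asciiz "You've earned an A+!"
buffer: .space 28
.text
        li   $v0, 8            # syscall 8: read string
        la   $a0, buffer       # destination buffer
        li   $a1, 28           # maximum length, including the terminator
        move $t0, $a0          # keep the buffer address across the syscall
        syscall
        move $a0, $t0          # argument for print: buffer address
        jal  print
        li   $v0, 10           # syscall 10: exit
        syscall
print:
        addi $sp, $sp, -20     # allocate a 20-byte stack frame
        sw   $ra, 16($sp)      # save return address at offset 16
        sw   $a0, 12($sp)      # save argument at offset 12
        addi $t4, $sp, 0       # $t4 = destination pointer, start of the frame
        la   $t1, ($a0)        # $t1 = source pointer (input buffer)
load_str:
        lbu  $t2, ($t1)        # load next input byte
        slti $t3, $t2, 1       # $t3 = 1 if the byte is 0 (end of string)
        beq  $t2, 48, null     # byte is '0' (ASCII 48): convert it first
resume:
        sb   $t2, 0($t4)       # store the byte in the frame; no length check
        addi $t4, $t4, 1       # advance destination
        addi $t1, $t1, 1       # advance source
        bne  $t3, 1, load_str  # loop until the terminator has been copied
        li   $v0, 4            # syscall 4: print string at $a0
        syscall
        lw   $ra, 16($sp)      # reload return address from the frame
        lw   $a0, 12($sp)      # reload argument from the frame
        jr   $ra               # return
null:
        addi $t2, $t2, -48     # '0' becomes a zero byte
        j    resume
print_a:
        la   $a0, str          # address of the A+ message
        li   $v0, 4            # syscall 4: print string
        syscall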
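One way to approach the patch described above, as an added example that is not part of the original assignment or its reference solution: the same print routine with the copy limited to the 12 bytes of the frame that lie below the saved $a0 and $ra. The main label and .globl line, the $t5 limit register, the full and done labels, and the frame release before jr are assumptions introduced here; syntax is MARS/SPIM.

```mips
# Added example: bounded copy for the 20-byte frame used by print.
        .data
buffer: .space 28
        .text
        .globl main
main:
        li   $v0, 8              # syscall 8: read string
        la   $a0, buffer
        li   $a1, 28
        move $t0, $a0
        syscall
        move $a0, $t0
        jal  print
        li   $v0, 10             # syscall 10: exit
        syscall
print:
        addi $sp, $sp, -20       # same frame layout as the original
        sw   $ra, 16($sp)        # saved return address: bytes 16..19
        sw   $a0, 12($sp)        # saved argument: bytes 12..15
        addi $t4, $sp, 0         # destination: local area, bytes 0..11
        addi $t5, $sp, 11        # last byte the copy is allowed to write
        move $t1, $a0            # source pointer
load_str:
        beq  $t4, $t5, full      # only the terminator slot is left: stop
        lbu  $t2, ($t1)
        slti $t3, $t2, 1         # $t3 = 1 when the byte is the terminator
        beq  $t2, 48, null       # '0' is stored as a zero byte, as before
resume:
        sb   $t2, 0($t4)
        addi $t4, $t4, 1
        addi $t1, $t1, 1
        bne  $t3, 1, load_str    # loop until the terminator has been copied
        j    done
full:
        sb   $zero, 0($t4)       # terminate the truncated copy at offset 11
done:
        li   $v0, 4              # syscall 4: print the input buffer in $a0
        syscall
        lw   $ra, 16($sp)        # never written by the copy loop
        lw   $a0, 12($sp)
        addi $sp, $sp, 20        # release the frame
        jr   $ra
null:
        addi $t2, $t2, -48
        j    resume
```

With the limit in place the loop writes at most offsets 0 through 11, so the words at 12($sp) and 16($sp) hold the values stored on entry regardless of input length.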